The popular press is awash with news that hackers have breached HBO’s cyber defenses and have allegedly stolen more than 1.5 terabytes of data, including scripts from unaired Game of Thrones episodes. As fascinating as this news may be to consumers of popular culture, it obscures more serious cyberattack news stories that have far deeper consequences. Consider, for example, the five most significant network hacks from the past several years.
- In 2014, hackers exploited a vulnerability in OpenSSL using a tool known as “Heartbleed” to break into a virtual private network (VPN) that a major corporation had used to encrypt data and communications. Individuals and businesses routinely rely on the added encryption provided by a VPN to ensure confidentiality of communications. This recent hack reveals that even VPNs have their weaknesses.
- A foreign government was believed to be behind a 2015 hack attack on the insurance giant, Anthem Health. That hack compromised more than 78 million consumer health and insurance records. More recently, the governments or government proxies of North Korea, China, Russia, and the United States have all been accused of participating in hacking activities.
- The “Petya” ransomware attack crippled more than 60 percent of computers and networks in the Ukraine in early 2017. A subsequent analysis of the attack suggested that although the attackers demanded a ransom to release frozen systems, the attack might have had a more sinister purpose of disabling the Ukraine’s technology infrastructure.
- The Dyn distributed denial-of-service (DDoS) attack that struck a significant number of computers and networks in North America and Europe in late 2016 was the largest ever cyberattack launched on the internet. The attack continued for several days, affecting servers utilized by Twitter, Netflix, CNN, and other major web players.
- The WannaCry ransomware attack in early 2017 was stopped early in its tracks by good luck and quick thinking on the part of the individuals who first noticed it. Still, this cyberattack crippled parts of the United Kingdom’s National Health Service and enriched the hackers who demanded and were paid more than $100,000 to release various systems and networks.
The scope and scale of these massive cyberattacks should cause all businesses, regardless of size, to reassess their cybersecurity strategies. In all likelihood, like HBO, the entities that were affected by these cyberattacks had erected defenses against hacking and gave their employees at least some rudimentary education and training in eliminating the human error and conduct that exposes a network to cyberattacks. Yet as these attacks suggest, even commonly-suggested cyber defense strategies, such as VPNs, are not fully effective against determined groups of hackers, particularly if those hackers have government resources behind them.
This does not suggest that businesses should abandon all hope and give up on their cyber defenses. Rather, they need to confirm that those strategies are up-to-date and consistent with the latest tools and techniques to fend off cyberattacks. Realizing, however, that none of those tools and techniques will be foolproof, businesses also need to develop a plan to respond when they do experience a successful attack. Cyber security insurance is a mandatory part of that plan.
Cyber security insurance will cover a business’s direct losses when a cyberattack damages data and hardware, which gives the business some assurances that its profits will not be entirely consumed by the need to recover those elements. Insurance can also protect a business against third party liabilities and regulatory fines that may be levied when a business loses its customers’ personal or financial information. Depending on the size of the business, a single cyberattack can cost anywhere from $30,000 to $2 million or more. Few businesses are equipped to absorb these kinds of costs directly. Cyber security insurance can cover these losses and allow a business to continue its operations with a minimum of interruptions after it experiences a cyberattack.
“You can’t fully protect yourself from DDoS attacks”.
1 on 1 with website security specialist, Igal Zeifman, from Incapsula.
DDoS attacks are constantly starring in the tech news world. For those of you who have been living on a different planet: Distributed Denial of Service (DDoS) attacks are malicious attempts to make a server or a network resource unavailable to users, usually by temporarily interrupting or suspending the services of a host connected to the Internet.
We sat down with website security expert, Igal Zeifman, to learn a bit more on this rapidly growing phenomenon and how and if you can protect yourself from it.
Q: We are hearing a lot about DDoS attacks recently. Can you explain why they’re becoming so common?
Zeifman: There are several reasons that come to mind. Most prominently, DDoS attacks are becoming more common due to the simple reason that they became much easier to carry out. As strange as it may sound, today you can actually rent a medium-sized DDoS botnet for as low as $30-50. With the availability of such services, some of which are openly advertised on YouTube and appear in Google search, anyone can become an attacker.
Unlike a few years ago when you needed some kind of technological expertise and a pretty substantial budget to execute a significant DDoS attack, today the bar of entry has been lowered to the point where just about anyone can potentially execute a mid-scale DDoS attack, almost on a whim. So it should come as no surprise that DDoS is turning into the “weapon of choice” for attackers out to do some cyber-mischief. This is exactly what we recently saw with the recent DerpTrolling DDoS campaign.
On the high end, we also see that large-scale DDoS events are becoming more common, due to the constant growth and evolution of network resources. As servers and personal computers become more powerful, so does the scale of network DDoS attacks. This trend will only continue to grow and we are likely to see more and more large-scale events in the foreseeable future.
Q: What recent DDoS attacks has Incapsula stopped?
Zeifman: That’s a loaded question. The simple reality is that there is always some kind of attack going on, so our network is blocking DDoS 24/7. Having said that, most of these events are not noteworthy, peaking at 20-30Gbps, which means that we hardly even notice them.
However, we do find ourselves surprised by the increasing sophistication of today’s attackers from time to time. For example, a few months ago we blocked a 100Gbps DDoS attack on the world’s largest bitcoin exchange. A few weeks later we saw an extremely complex Layer 7 DDoS attack, which employed 180,000 different machines to generate over 690 million hits a day for over a week. Most alarmingly, the attackers were using a new technology, employing headless browsers to try and bypass our defenses.
Q: What’s the best way to prepare a site against DDoS attacks?
Zeifman: Honestly, you can’t. Granted, you can take some steps to protect yourself from low-level network attacks, but what can you do against 690 million human-like bot visitors? To mitigate such an attack, you would need a robust Bot Classification solution and an on-premises security team. We had those in place, but I can’t think of many private sites that have access to such capabilities. The target, in that case, was a very large financial site and they had all types of IT resources that most website owners could only dream of… Still, when the attack hit, they knew they were outclassed and sought professional help.
You see, DDoS mitigation is not a hobby. It’s not a “do-it-yourself” type of thing. If you are running a serious business-oriented website, you can’t afford to do a poor job and risk downtime, loss of revenue and – most importantly – your users’ trust.
Q: Do you see DDoS as a temporary phenomenon? Will it soon be replaced by the next cyber-threat or will we see such attacks increasing over time?
Zeifman: Unfortunately, it’s hard to see any short-term scenario in which DDoS attacks will stop being an issue and services for DDoS protection like Incapsula’s will be in demand. Hopefully, somewhere down the road, we will see some ISP level solutions that will be able to block many of the attacks on the backbone level. At that point, Layer 7 DDoS will continue to be an issue but at least part of the problem will be solved. But until that day comes, DDoS is here to stay.
Q: Where can we learn about Incapsula’s DDoS Protection?
Zeifman: You can always visit our DDoS Protection section, where we explain more about our solution architecture, our SLA and other aspects of our anti-DDoS services.